Lori Manca’s Post

Keeping your IT systems up-to-date is crucial for security and performance, but how do you minimize downtime? Our latest blog dives into the best practices and technologies that can help streamline this process. 💡 Discover how tools like Microsoft Intune and Azure Arc can enhance your update management strategies, ensuring your systems are secure without disrupting business operations. We cover everything from planning updates effectively to leveraging technology for efficient rollout and compliance. 👉 Read more about how to maintain robust security while minimizing downtime: https://lnkd.in/g28ajqPu #ITManagement #Cybersecurity #MicrosoftIntune #AzureArc #Velosio

Complexity drives more than security risk. Secure Access can help with that too.

Shadow IT is as prevalent as ever. With organizations using over 1,000 cloud applications on average, the risks and challenges continue to grow. But what if instead of seeing Shadow IT as just a threat, we viewed it a little differently?   In our latest article, we explore Shadow IT—identifying its forms, understanding why employees turn to these solutions, and addressing the inherent risks and opportunities it presents.   Key Insights: ➡ What is Shadow IT? From unauthorized software to personal devices at work, discover the scope and impact. ➡Why Employees Use Shadow IT: Explore the motivations behind bypassing formal IT channels for quicker, user-friendly solutions. ➡Managing Risks While Encouraging Innovation: Learn practical steps to uncover, evaluate, and even integrate Shadow IT within your organization's security framework.   IT leaders, by embracing a balanced approach, we can transform Shadow IT from a security liability into a driver of innovation and user satisfaction. Discover how to enhance your IT governance while fostering a culture of transparency and agility.   #ShadowIT #Cybersecurity #ITGovernance #HBS   https://lnkd.in/gmhQJWPB

🛑 After approximately two months after #crowdstrike outage, we have experienced another Microsoft 365 apps outage, which occurred one day ago. Many services, such as Outlook, Teams, other 365 apps, and Azure services, were impacted. While the exact reason is unclear, it appears the issue may have been with the Internet Service provider - ISP provider. We're witnessing more frequent disruptions and outages affecting various industries. ⚠️ It’s important to recognize that while emerging cyber threats are increasing year over year, other outages involving dependent systems are also playing a significant role. Businesses must plan to mitigate and account for all such risks as part of their business risk analysis, including robust backup plans. 🔄 The list of potential disruptions is growing, and with these outages occurring more frequently, we need to change our strategy. We must review failure modes and thoroughly test all dependent system threats to identify alternative solutions that can help sustain business operations. 💡 While the CrowdStrike outage has been widely discussed, it wasn't the only case where testing may have fallen short. Take yesterday's Microsoft 365 apps outage, for example - #Microsoft should have had alternate solutions, like backup dongles or other failover/backup mechanisms, in place to ensure business continuity. ✅ Employees can switch to mobile data during an ISP outage, ensuring minimal disruption to work involving Microsoft 365 or other cloud services. ✅ Data center backups in different geographic regions to ensure business continuity during major outages ✅ If AT&T is down, users could connect via a VPN hosted in a different region or provider to access Microsoft services. ✅ Multi ISP failover George Kurtz Satya Nadella - Every business is learning from these outages. #microsoft365 #cybersecurity #cloudcomputing #businesscontinuity

Streamlining vulnerability assessments is often overlooked, but overcomplicating things doesn't make you smarter. I recently chatted with an MSSP about this. They had a 20-page assessment process. Crazy, right? No one's going to read, understand, or use that. You need to be able to explain your assessment strategy simply - both to your team and your clients. Here's how I suggested they approach it: 1. Be EFFICIENT. Assess just 10-20 key client computers for a good sample. 2. Show VALUE fast. Secure one machine to demonstrate the before/after impact. 3. Use AUTOMATION wisely. Look for tools that combine scanning, prioritization, and fixes in one platform. 4. Create CLEAR reports. Show decision-makers real improvements in security. 5. Turn assessments into SALES opportunities. Offer paid assessments, then propose ongoing managed services. Or the opposite: Give the assessment for free, then remediate as an upsell (This is the approach we love at Vicarius) 6. Stick to STANDARDS. Link findings to recognized benchmarks like CIS for credibility. 7. Cover MULTIPLE bases. Look at vulnerabilities, misconfigurations, cloud security, etc. 8. Offer CHOICES. Present good/better/best options tailored to each client. The goal is to have a smooth, repeatable process that clearly shows value to clients. With the right approach, MSSPs can use assessments to grow their managed security business effectively. What other ideas do you have for simplifying security assessments? I'm curious to hear your thoughts.

Today is a tough day for many everywhere. The global IT outage has left countless businesses and individuals scrambling. But amidst the chaos, there's an opportunity to learn and to grow more resilient. Check out: https://hubs.la/Q02Hj29C0 And remember, even tech giants face hurdles. It's how we respond that defines us. What's your take on the situation? How are you navigating these choppy waters? #TechOutage #BusinessResilience #Crowdstrike #Cybersecurity #Microsoft

One of cybersecurity’s most hallowed mantras echoes throughout the industry, as if carried by a dark corridor in a lost city. “Shift left!” it thunders. “Get security involved early!” Yet many security professionals find themselves playing catch-up. Ignored for new initiatives, we're often only invited when the champagne's popped and the new product is about to hit production — a moment better suited for confetti cannons than fire extinguishers. Cybersecurity professionals would love to be part of the celebration and blast off a few party poppers, too — but there’s no time for that after finding the lost cities of cloud deployed without oversight and outside of our tools and governance processes. Fire extinguishers it is, then. Finding these previously-unknown environments can set off panic. We know that security vulnerabilities likely lurk in these environments and they must be fixed, and fast. Getting started when security is invited late to the party is never easy, but the good news is that there is a playbook for exactly what to do in these situations. Following these eight tasks, in order, can help security teams understand and quickly bring projects they inherit running on Google Cloud under control. As you go through these steps, keep in mind that they might break the project. A good rule of thumb is to make good-faith efforts to communicate with impacted users and stakeholders before each action you take.

Boost Your Security in No Time 🛡️🔒  Check out the latest blog from our expert Jeff Rostis on 3 quick wins for enhancing security with Microsoft's SSE Solution.   Discover how you can:  1. Streamline Security Operations with integrated tools.  2. Enhance Threat Detection using advanced analytics.  3. Simplify Compliance with automated processes. Don’t miss out on these actionable insights to fortify your organization’s security posture! #CyberSecurity #MicrosoftSSE #NetrixGlobal #TechTips #SecuritySolutions 

How to turn vulnerability assessments into sales opportunities fast and easy

Today is a tough day for many everywhere. The global IT outage has left countless businesses and individuals scrambling. But amidst the chaos, there's an opportunity to learn and to grow more resilient. Check out: https://hubs.la/Q02HhMQP0 And remember, even tech giants face hurdles. It's how we respond that defines us. What's your take on the situation? How are you navigating these choppy waters? #TechOutage #BusinessResilience #Crowdstrike #Cybersecurity #Microsoft